On Mar 20, 2009, at 3:47 AM, Martin Paljak wrote: > On 20.03.2009, at 7:36, Henry B. Hotz wrote: > >> I don't think I'm having any trouble with the PIN in normal OpenSC >> operations, but I can't unlock the card in Apple's Keychain Access >> app. >> >> NASA PIV card, SCM 331 reader, Leopard. >> >> Any pointers? How would I debug this? > > AFAIK the lock in keychain access has no meaning whatsoever. PIN is > verified when you access a key on your card.
Granted, it's not "authoritative", but it's not meaningless. If you only lock/unlock the card via the GUI it's probably accurate. > If it is a PIV card, you probably don't use OpenSC tokend, but the CAC > one? I might be wrong. Anyway, you don't need to "unlock" the > keychain, you need to provide the PIN when you use a key/certificate > on the card. CAC uses the CAC Tokend. PIV uses the PIV Tokend. (Out of the box anyway.) I have a PIV, not a CAC because I work for a NASA contractor, not for the DOD. ;-) I'm told the problem with the Apple Tokend is that it doesn't support 2048 bit RSA keys. In any case loginWindow on Leopard can't identify me based on the card. Substituting the OpenSC Tokend fixes that problem, but the PIN still isn't accepted. I'm willing to do some debugging, if someone will tell me what to look at. Maybe where to put syslog calls in a custom build? ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. henry.b.h...@jpl.nasa.gov, or hbh...@oxy.edu _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
